534 matches found

Positive Technologies
added 2023/11/29 12:0 a.m. · 4 views

PT-2023-8187 · Go +10

Name of the Vulnerable Software and Affected Versions: Go versions prior to 1.21.5; Go versions prior to 1.20.12. Description: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. ...

9.8 CVSS · 6.5 AI score · 0.99999 EPSS
Exploits 46 · References 291
OSV
added 2023/11/17 8:50 a.m. · 4 views

CLSA-2023-1700211046 squid: Fix of 2 CVEs

CVE-2023-46846: Improve HTTP chunked encoding compliance - CVE-2023-46847: Fix stack buffer overflow when parsing Digest Authorization...

9.3 CVSS · 7 AI score · 0.85944 EPSS
Exploits 0 · References 1
OSV
added 2023/11/16 7:1 p.m. · 4 views

CLSA-2023-1700161280 squid: Fix of 3 CVEs

CVE-2023-46846: Improve HTTP chunked encoding compliance - CVE-2023-46847: Fix stack buffer overflow when parsing Digest Authorization - CVE-2023-46848: Fix userinfo percent-encoding...

9.3 CVSS · 7 AI score · 0.85944 EPSS
Exploits 0 · References 1
RedHat Linux
added 2023/11/08 10:31 a.m. · 3 views

squid: Request/Response smuggling in HTTP/1.1 and ICAP

SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, which allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems...

9.3 CVSS · 5.9 AI score · 0.05255 EPSS
Exploits 0 · References 5
Oracle linux
added 2023/11/07 12:0 a.m. · 42 views

squid:4 security update

libecap squid 4.15-6.0.1 - Improve HTTP chunked encoding compliance CVE-2023-46846 - Fix stack buffer overflow when parsing Digest Authorization CVE-2023-46847...

7.8 AI score · 0.85944 EPSS
Exploits 0
Oracle linux
added 2023/11/03 12:0 a.m. · 33 views

squid security update

7:5.5-5.el92.1 - Improve HTTP chunked encoding compliance CVE-2023-46846 - Fix stack buffer overflow when parsing Digest Authorization CVE-2023-46847 - Fix userinfo percent-encoding CVE-2023-46848...

7.9 AI score · 0.85944 EPSS
Exploits 0
Hacker One
added 2023/10/30 9:18 p.m. · 40 views

Node.js: http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks

A vulnerability in Node.js HTTP servers was discovered that allowed denial of service (DoS) attacks. By sending specially crafted HTTP requests with chunked encoding, an attacker could cause resource exhaustion on the server. The lack of limitations on chunk extension bytes enabled the server to re...

7.5 CVSS · 7.5 AI score · 0.03168 EPSS
Exploits 0
Positive Technologies
added 2023/10/30 12:0 a.m. · 5 views

PT-2023-8975 · Node.Js +8

Name of the Vulnerable Software and Affected Versions: Node.js, affected versions not specified. Description: A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service (DoS). The serv...

9.8 CVSS · 6.4 AI score · 0.99999 EPSS
Exploits 23 · References 230
OSV
added 2023/09/27 9:39 a.m. · 0 views

USN-6398-1 minidlna vulnerabilities

It was discovered that ReadyMedia was vulnerable to DNS rebinding attacks. A remote attacker could possibly use this issue to trick the local DLNA server to leak information. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. CVE-2022-26505 It was...

9.8 CVSS · 6 AI score · 0.02061 EPSS
Exploits 2 · References 3
SUSE CVE
added 2023/08/22 2:3 a.m. · 3 views

SUSE CVE-2023-40175

Puma is a Ruby/Rack web server built for parallelism. Prior to versions 6.3.1 and 5.6.7, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers in a way that allowed HTTP request smuggling. Severity of this issue is highly dependent ...

7.3 CVSS · 7 AI score · 0.00738 EPSS
Exploits 0 · References 6
OSV
added 2023/08/18 10:15 p.m. · 0 views

DEBIAN-CVE-2023-40175

Puma is a Ruby/Rack web server built for parallelism. Prior to versions 6.3.1 and 5.6.7, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers in a way that allowed HTTP request smuggling. Severity of this issue is highly dependent ...

9.8 CVSS · 6.2 AI score · 0.00738 EPSS
Exploits 0 · References 1
CNNVD
added 2023/08/18 12:0 a.m. · 19 views

Puma environmental issue vulnerability

Puma is a web server for highly concurrent applications by Evan Phoenix, an individual developer in the United States. An environmental issue vulnerability exists in Puma that stems from a security issue when parsing trailing fields and zero-length Content-Length headers in the body of the chunke...

9.8 CVSS · 6.4 AI score · 0.00738 EPSS
Exploits 0 · References 3
GithubExploit
added 2023/06/20 1:13 a.m. · 812 views

Exploit for Out-of-bounds Write in Readymedia_Project Readymedia

CVE-2023-33476 ReadyMedia MiniDLNA versions from 1.1.15 u...

9.8 CVSS · 9.5 AI score · 0.02061 EPSS
Exploits 2
NVD
added 2023/06/02 2:15 p.m. · 17 views

CVE-2023-33476

ReadyMedia MiniDLNA versions from 1.1.15 up to 1.3.2 are vulnerable to Buffer Overflow. The vulnerability is caused by incorrect validation logic when handling HTTP requests using chunked transport encoding. This results in other code later using attacker-controlled chunk values that exceed the...

9.8 CVSS · 9.5 AI score · 0.02061 EPSS
Exploits 2 · References 6
OSV
added 2023/06/02 2:15 p.m. · 0 views

DEBIAN-CVE-2023-33476

ReadyMedia MiniDLNA versions from 1.1.15 up to 1.3.2 are vulnerable to Buffer Overflow. The vulnerability is caused by incorrect validation logic when handling HTTP requests using chunked transport encoding. This results in other code later using attacker-controlled chunk values that exceed the...

9.8 CVSS · 8.4 AI score · 0.02061 EPSS
Exploits 2 · References 1
OSV
added 2023/06/02 2:15 p.m. · 1 views

UBUNTU-CVE-2023-33476

ReadyMedia MiniDLNA versions from 1.1.15 up to 1.3.2 are vulnerable to Buffer Overflow. The vulnerability is caused by incorrect validation logic when handling HTTP requests using chunked transport encoding. This results in other code later using attacker-controlled chunk values that exceed the...

9.8 CVSS · 7.3 AI score · 0.02061 EPSS
Exploits 2 · References 6
CVE
added 2023/06/02 12:0 a.m. · 67 views

CVE-2023-33476

ReadyMedia (MiniDLNA) vulnerable in versions 1.1.15–1.3.2 due to incorrect validation of HTTP chunked requests, causing a heap-based buffer overflow with out-of-bounds read/write. Impact includes potential exposure or compromise of data; advisories recommend upgrading to a newer release (Gentoo G...

9.8 CVSS · 9.2 AI score · 0.02061 EPSS
Exploits 2 · References 6 · Affected Software 1
Debian CVE
added 2023/06/02 12:0 a.m. · 23 views

CVE-2023-33476

ReadyMedia MiniDLNA versions from 1.1.15 up to 1.3.2 are vulnerable to Buffer Overflow. The vulnerability is caused by incorrect validation logic when handling HTTP requests using chunked transport encoding. This results in other code later using attacker-controlled chunk values that exceed the...

9.8 CVSS · 9.5 AI score · 0.02061 EPSS
Exploits 2
NVD
added 2023/04/13 7:15 a.m. · 23 views

CVE-2022-33223

Transient DOS in Modem due to null pointer dereference while processing the incoming packet with http chunked encoding...

7.5 CVSS · 7.5 AI score · 0.00383 EPSS
Exploits 0 · References 1
Prion
added 2023/04/13 7:15 a.m. · 14 views

Null pointer dereference

Transient DOS in Modem due to null pointer dereference while processing the incoming packet with http chunked encoding...

5 CVSS · 7.5 AI score · 0.00383 EPSS
Exploits 0 · References 1